Return Oriented Programming and ROPgadget tool

Introduction

In recent years, application exploits, especially buffer overflows, have been made more difficult by
protections implemented by operating systems. As a result, it is increasingly rare to be able to execute
arbitrary code on the stack. There are techniques to circumvent NX, but these are useless if the
libc functions are protected by ASCII-armor.

However, there is an attack technique that allows all of these protections to be bypassed. This
technique is ROP (Return Oriented Programming). This type of attack, which is extremely tedious
to carry out, consists in chaining together short sequences of instructions called "gadgets" in order to
change the state of the registers and execute a system call or perform any other function. Each
gadget ends with a ret instruction, so control passes from one gadget to the next through the
addresses placed on the stack rather than through any injected code.

Generally, ROP is used to call execve(); here, in our case, we will try to build an execve
call like this: